Entering content frameProcedure documentation Defining Filters Locate the document in its SAP Library structure

Use

You define the events that the Security Audit Log should record in filters.

You can specify the following information in the filters:

For examples of filters, see Example Filters.

You can define filters that you save in static profiles in the database (see Maintaining Static Profiles) or you can define them dynamically for one or more application servers (see Changing Filters Dynamically).

Prerequisites

Procedure

  1. Select the tabstrip for the filter you want to define.
  2. Enter the Client and User names in the corresponding fields.

    3. Note

    You can use the wildcard (*) value to define the filter for all clients or users. However, a partially generic entry such as 0* or ABC* is not possible.

  3. Select the corresponding Audit classes for the events you want to audit.
  4. Audit events are divided into three categories, critical, important, and non-critical. Select the corresponding categories to audit.
  1. If you want to define the events to audit more specifically:
    1. Choose Detailed configuration.

      2. A table appears containing a detailed list of the audit classes with their corresponding event classes (critical, severe, non-critical) and message texts. (The message texts correspond to the system log messages AU<X>.)

    2. Select the events you want to audit. You can either:
    1. Choose Accept changes. This graphic is explained in the accompanying text

The filter tabstrips reappear.

Note

If you have made detailed settings, then the audit class and event class indicators no longer appear in the corresponding filter tabstrip. To cancel the detailed settings and reload the default configuration, choose Reset.

  1. To activate the filter, select the Filter active indicator.
  2. Continue with defining static profiles or changing filters dynamically.
Leaving content frame